diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 2b762fa2eeef69..c099c0ac66b4da 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -1645,6 +1645,259 @@ thrown. Because public keys can be derived from private keys, a private key may be passed instead of a public key. +## Class: `X509Certificate` + + +Encapsulates an X509 certificate and provides read-only access to +it's information. + +```js +const { X509Certificate } = require('crypto'); + +const x509 = new X509Certificate('{... pem encoded cert ...}'); + +console.log(x509.subject); +``` + +### `new X509Certificate(buffer)` + + +* `buffer` {string|TypedArray|Buffer|DataView} A PEM or DER encoded + X509 Certificate. + +### `x509.ca` + + +* Type: {boolean} Will be `true` if this is a Certificate Authority (ca) + certificate. + +### `x509.checkEmail(email[, options])` + + +* `email` {string} +* `options` {Object} + * `subject` {string} `'always'` or `'never'`. **Defaults**: `'always'`. + * `wildcards` {boolean} **Defaults**: `true`. + * `partialWildcards` {boolean} **Defaults**: `true`. + * `multiLabelWildcards` {boolean} **Defaults**: `false`. + * `singleLabelSubdomains` {boolean} **Defaults**: `false`. +* Returns: {string|undefined} Returns `email` if the certificate matches, + `undefined` if it does not. + +Checks whether the certificate matches the given email address. + +### `x509.checkHost(name[, options])` + + +* `name` {string} +* `options` {Object} + * `subject` {string} `'always'` or `'never'`. **Defaults**: `'always'`. + * `wildcards` {boolean} **Defaults**: `true`. + * `partialWildcards` {boolean} **Defaults**: `true`. + * `multiLabelWildcards` {boolean} **Defaults**: `false`. + * `singleLabelSubdomains` {boolean} **Defaults**: `false`. +* Returns: {string|undefined} Returns `name` if the certificate matches, + `undefined` if it does not. + +Checks whether the certificate matches the given host name. + +### `x509.checkIP(ip[, options])` + + +* `ip` {string} +* `options` {Object} + * `subject` {string} `'always'` or `'never'`. **Defaults**: `'always'`. + * `wildcards` {boolean} **Defaults**: `true`. + * `partialWildcards` {boolean} **Defaults**: `true`. + * `multiLabelWildcards` {boolean} **Defaults**: `false`. + * `singleLabelSubdomains` {boolean} **Defaults**: `false`. +* Returns: {string|undefined} Returns `ip` if the certificate matches, + `undefined` if it does not. + +Checks whether the certificate matches the given IP address (IPv4 or IPv6). + +### `x509.checkIssued(otherCert)` + + +* `otherCert` {X509Certificate} +* Returns: {boolean} + +Checks whether this certificate was issued by the given `otherCert`. + +### `x509.checkPrivateKey(privateKey)` + + +* `privateKey` {KeyObject} A private key. +* Returns: {boolean} + +Checks whether the public key for this certificate is consistent with +the given private key. + +### `x509.fingerprint` + + +* Type: {string} + +The SHA-1 fingerprint of this certificate. + +### `x509.fingerprint256` + + +* Type: {string} + +The SHA-256 fingerprint of this certificate. + +### `x509.infoAccess` + + +* Type: {string} + +The information access content of this certificate. + +### `x509.issuer` + + +* Type: {string} + +The issuer identification included in this certificate. + +### `x509.keyUsage` + + +* Type: {string[]} + +An array detailing the key usages for this certificate. + +### `x509.publicKey` + + +* Type: {KeyObject} + +The public key {KeyObject} for this certificate. + +### `x509.raw` + + +* Type: {Buffer} + +A `Buffer` containing the DER encoding of this certificate. + +### `x509.serialNumber` + + +* Type: {string} + +The serial number of this certificate. + +### `x509.subject` + + +* Type: {string} + +The complete subject of this certificate. + +### `x509.subjectAltName` + + +* Type: {string} + +The subject alternative name specified for this certificate. + +### `x509.toJSON()` + + +* Type: {string} + +There is no standard JSON encoding for X509 certificates. The +`toJSON()` method returns a string containing the PEM encoded +certificate. + +### `x509.toLegacyObject()` + + +* Type: {Object} + +Returns information about this certificate using the legacy +[certificate object][] encoding. + +### `x509.toString()` + + +* Type: {string} + +Returns the PEM-encoded certificate. + +### `x509.validFrom` + + +* Type: {string} + +The date/time from which this certificate is considered valid. + +### `x509.validTo` + + +* Type: {string} + +The date/time until which this certificate is considered valid. + +### `x509.verify(publicKey)` + + +* `publicKey` {KeyObject} A public key. +* Returns: {boolean} + +Verifies that this certificate was signed by the given public key. +Does not perform any other validation checks on the certificate. + ## `crypto` module methods and properties ### `crypto.constants` @@ -3981,6 +4234,7 @@ See the [list of SSL OP Flags][] for details. [`util.promisify()`]: util.md#util_util_promisify_original [`verify.update()`]: #crypto_verify_update_data_inputencoding [`verify.verify()`]: #crypto_verify_verify_object_signature_signatureencoding +[certificate object]: tls.md#tls_certificate_object [encoding]: buffer.md#buffer_buffers_and_character_encodings [initialization vector]: https://en.wikipedia.org/wiki/Initialization_vector [list of SSL OP Flags]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#Table_of_Options diff --git a/doc/api/worker_threads.md b/doc/api/worker_threads.md index f32c2c4cf5ecf1..dff26be55e8111 100644 --- a/doc/api/worker_threads.md +++ b/doc/api/worker_threads.md @@ -468,6 +468,9 @@ are part of the channel.